Hi Jeff, > This is definitely a bug. The regular expression we're using to > extract the common name (CN) from the distinguished name (DN) is > /^.*?CN\s*=\s*(.*)/ [1] > > This is a greedy regular expression which explains why it's also > grabbing the email address. I think we need to fix this to only match > up to the next / character or the end of the string. > > Before I go fix this right now, are we sure this is a valid encoding > for the fields in the DN? What software are you using to produce > these certificates?
I made those certs with OpenSSL (0.9.8q) and that's the default encoding it'll use, unless explicitly configured to move emailAddress to subjectAltName[1] (as recommended in RFC 3850) or if one sets -noemailDN option[2]. > I've filed the bug here and added you as a watcher Andrew: > http://projects.puppetlabs.com/issues/14852 > > [1] > https://github.com/puppetlabs/puppet/blob/master/lib/puppet/network/http/rack/rest.rb#L89 Great, thanks. Andrew. [1] http://www.macfreek.nl/memory/Email_in_certificates [2] http://www.mail-archive.com/openssl-dev@openssl.org/msg10075.html -- [ a...@zx23.net ] -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
